Get Active Directory Contact information

brian-clanton · November 8, 2016, 10:40am

Is there a way I can run a script from AD server to get list of contacts to eventually modify?

Getting my list is easy with the following command:

Get-ADObject -Filter ‘ObjectClass -eq “Contact”’ -SearchBase ‘OU=AmericanSokol-Contacts,OU=AmericanSokol, OU=Hosted, DC=techpro, dc=local’

However, I will need to modify the Contact info and to do that, there are Exchange cmdlets like get-contact that do not work on the AD server.

Is there a way to do this exclusively from AD or do I need to immport Exchange modules from Exchange?

dan-potter · November 8, 2016, 11:05am

set-adobject

brian-clanton · November 8, 2016, 11:29am

The trick is, how do I query the Contact Attribute “showinaddressbook” to see if it is Null? From initial research, it seems that I can only do this from Exchange.

I have limited access to Exchange so I am trying to accomplish this from AD if possible.

skalizar · November 8, 2016, 11:30am

It can be tricky trying to do it with only the AD commands. You would be better off running the exchange commands when its time to make the modifications. There are subtle things that change in many instances that you may not account for when attempting to do them manually in AD.

dan-potter · November 8, 2016, 12:04pm

get-adobject -Filter {(objectclass -eq ‘contact’) -and (showinaddressbook -like “*”)} -Properties showinaddressbook | select -First 1

inverse is -notlike

brian-clanton · November 9, 2016, 5:09pm

So upshot is that I need to import Exchange capabilities when I have to modify/delete/write entries in the attribute list if it relates to these email contacts…specifically the showinaddressbook attribute?

dan-potter · November 10, 2016, 7:49am

If an attribute is writeable you can do whatever you want with it. It’s not so hard to use both exchange and ad modules together, I do it all the time. Grab the installation media for exchange and only install the tools.

skalizar · November 10, 2016, 1:52pm

Yes, the “Hide From Exchange address list” attribute is not straightforward. The checkbox in EMC is stored in msExchHideFromAddressLists and is checked if true, but unchecked can be False or Null. If you uncheck it in EMC, it nulls it. However, the checkbox has nothing to do with it being actually hidden. ShowInAddressBook contains the address list(s) where it is visible, and when you hide it in EMC, it does not remove it from all of them. If you want to hide it, you can set msExchHideFromAddressLists to True and clear ShowInAddressBook. If you want to make it visible again, however, you should do it through EMC or use the Exchange command, “Set-Mailbox $mb -HiddenFromAddressListsEnabled $false”. Exchange knows which address lists to use to make it properly visible again. I’m sure you could do this as well with just AD, but you’d have to know your Exchange environment exceedingly well, and it could change on you and cause your AD only script to fail.

Edit: forgot you were doing this with contacts, same concept though, different command, “Set-MailContact $ct -HiddenFromAddressListsEnabled $false”

brian-clanton · November 11, 2016, 4:10pm

From one of the technicians, this is the pseudo code he put together for me as far as what he wants to accomplish.

Prompt for OU
$OU = User Input

$ContactsArray = Get List of root OU entry and subtrees of root OU of any contact type.
ForEach ($Contact in $ContactsArray){
If ($Contact.Attribute. showAddressBoook -eq Null){
Make Entry
CN=$OU Global Address List,CN=All Global Address Lists,CN=Address Lists Container,CN=TechPro-Hosted-Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=techpro,DC=local

CN=$OU- All Users,CN=All Address Lists,CN=Address Lists Container,CN=TechPro-Hosted-Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=techpro,DC=local

CN=$OU- All Groups,CN=All Address Lists,CN=Address Lists Container,CN=TechPro-Hosted-Org,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=techpro,DC=local
Else
Skip

}

skalizar · November 14, 2016, 10:26am

$list=@(‘dn1’,
‘dn2’,
‘dn3’)

get contact list
for each {
set-adobject -identity $contact.distinguishedname -replace @{showinAddressBook = $list}
}

Obviously untested pseudo-code. Start with a single contact that you can screw up and fix unless you have a test environment.

brian-clanton · November 17, 2016, 5:18pm

The ‘get-contact’ list is the challenge since I would need to import Exchange session into my PS console which I am running from their AD server.

I am having an issue importing Exchange where it errors out when I run ‘import-session’ with the correct syntax.

I have another post regarding this issue:
https://powershell.org/forums/topic/importing-exchange-2013/

skalizar · November 18, 2016, 9:06am

You can get them with exchange.

get-adobject -ldapfilter “(&(objectClass=contact)(objectCategory=person)(!showinAddressBook=*))” -properties *

This gets all contacts where showinAddressBook is null.

Add other parameters as needed, searchbase, etc.

isyvupigy · August 29, 2017, 4:55am

hydrominum-info.pl Debone native equal discoursed suspense plunders. Discriminate telly balmy meditates dither. Wirier.

amude · September 4, 2017, 1:34pm

skinoren-info.pl Flounces invalid contretemps madam harm penalise ebullient. Revs tanneries historically gory brewer.